Fedramp certification & Cybersecurity & Compliance Firm

For many organizations, obtaining a System and Organization Controls (SOC) attestation report is table stakes for doing business. Many customers and vendors won’t even consider working with an organization that can’t produce a SOC report issued by an independent third-party assessor. Going through a SOC examination for the first time can seem overwhelming, but by taking the time to work through a simple audit checklist, many organizations can set themselves up for success. What is SOC Compliance? Companies are often asked if they are “SOC compliant” or if they can provide proof of “SOC compliance.” These terms can create confusion around what a SOC report represents, because SOC itself is not a compliance framework. SOC reports are attestation examinations performed by an independent third party to assess whether the organization’s internal controls are designed and operating effectively to mitigate different types of risk. The guidelines for what types of risk mitigation measures are ...

  The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense’s (DoD) newest verification mechanism designed to ensure that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks. The DoD implemented requirements for safeguarding Covered Defense Information (CDI) and cyber incident reporting through the release of Defense Federal Acquisition Regulation Supplement (DFARS) 252.204–7012 in October 2016. The DFARS directed DoD Contractors to self-attest that adequate security controls were implemented within contractor systems to ensure that CDI confidentiality was maintained. The security controls required to be implemented by the DFARS are defined within National Institute of Standards and Technology ( NIST ) Special Publication (SP) 800–171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations . The Office of the Unde...

  This article is Part One of a Four-part Series on the HITRUST Framework When you think of HITRUST, you probably think of healthcare. After all, HITRUST was originally created as the “Health Information Trust Alliance.” However, over the past few years HITRUST has evolved to serve as an industry-agnostic common security framework – such that any company in any industry can now pursue a HITRUST CSF certification. At its core, HITRUST is based on best practices from ISO/IEC 27001 and 27002, as well as more than 40 additional security and privacy regulations and standards, such as PCI, NIST and HIPAA. HITRUST considers these standards and regulations to be its authoritative sources. In addition to these authoritative sources that serve as the foundation of HITRUST, there are also more than 20 regulatory factors that an organization could consider individually based on specific industry requirement – these are optional inclusions to an assessment. Whether your organization is pursuing...